Module: device

Inheritance diagram

Configuration tree diagram

Class Reference

Device module contains objects that exist in the ‘Device’ tab in the firewall GUI

class panos.device.Administrator(*args, **kwargs)

Administrator object

Parameters:

• name (str) – Admin name

• authentication_profile (str) – The authentication profile

• web_client_cert_only (bool) – Use only client certificate authentication (Web)

• superuser (bool) – Admin type - superuser

• superuser_read_only (bool) – Admin type - superuser, read only

• panorama_admin (bool) – Panonrama - a panorama admin only

• device_admin (bool) – Admin type - device admin

• device_admin_read_only (bool) – Admin type - device admin, read only

• vsys (list/str) – Physical firewalls: the vsys this admin should manage

• vsys_read_only (list/str) – Physical firewalls: the vsys this read only admin should manage

• ssh_public_key (str) – Use Public Key Authentication (SSH)

• role_profile (str) – The role based profile

• password_hash (encrypted str) – The encrypted password

• password_profile (str) – The password profile for this user

• vsys_device (list) – The vsys list (excluded)

• vsys_read_only_device (list) – The read-only device list (excluded)

change_password(new_password)

Update the password.

Modifies the live device

Parameters:

new_password (str) – The new password for this user.

class panos.device.AdvancedRoutingEngine(*args, **kwargs)

Note: This is valid for PANS-OS 10.2+.

Parameters:

enable (bool) – Enable advanced routing engine

class panos.device.AuthenticationProfile(*args, **kwargs)

Authentication profile object.

Note: This is valid for PAN-OS 8.0+.

Parameters:

• name (string) – The name

• profile_type – Authentication profile type. Valid values are “none” (default), “kerberos”, “ldap”, “local-database”, “radius”, “saml-idp”, or “tacplus”.

• server_profile (string) – Login method server profile

• retrieve_user_group (bool) – Retrieve user group from RADIUS or TACACS+

• ldap_login_attribute (string) – LDAP login attribute

• ldap_password_expiry_warning (string) – LDAP number of days prior to warning a user about password expiry

• kerberos_realm (string) – Kerberos realm name to be used for authentication

• saml_request_signing_certificate (string) – SAML-IDP request signing certificate

• saml_enable_single_logout (bool) – SAML enable single_logout

• saml_certificate_profile (string) – SAML certificate profile

• saml_username_attribute (string) – SAML attribute name usrname

• saml_user_group_attribute (string) – SAML attribute name user group

• saml_admin_role_attribute (string) – SAML attribute name admin role

• saml_access_domain_attribute (string) – SAML attribute name access domain

• user_domain (string) – User domain

• username_modifier (string) – Username modifier

• sso_realm (string) – Single-sign-on Kerberos realm

• sso_service_principal (string) – Single-sign-on Kerberos service principal

• sso_keytab (string) – Single-sign-on Kerberos keytab

• mfa_enable (bool) – Multi factor auth enable

• mfa_factors (list) – Multi factor auth factors

• allow_list (list) – Allow users

• failed_attempts (int) – number of permitted failed attempts

• lockout_time (int) – amount of time use will be locked

class panos.device.AuthenticationSequence(*args, **kwargs)

Authentication Sequence object.

Note: This is valid for PAN-OS 7.0+.

Parameters:

• name (string) – The name

• authentication_profiles (list) – The authentication profiles

• use_domain_find_profile (bool) – Use domain find profile

class panos.device.CertificateProfile(*args, **kwargs)

Certificate profile object.

Parameters:

• name (str) – The name

• username_field (str) – The username field. Valid values are “subject”, “subject-alt”, or “none”.

• username_field_value (str) – The value for the given username_field.

• domain (str) – The domain.

• use_crl (bool) – Use CRL.

• use_ocsp (bool) – Use OCSP.

• crl_receive_timeout (int) – CRL receive timeout (sec).

• ocsp_receive_timeout (int) – OCSP receive timeout (sec).

• certificate_status_timeout (int) – Certificate status timeout (sec).

• block_unknown_certificate (bool) – Block session if certificate status is unknown.

• block_certificate_timeout (bool) – Block if a session certificate status can’t be retrieved within timeout.

• block_unauthenticated_certificate (bool) – (PAN-OS 7.1) Block session if the certificate was not issued to the authenticating device.

• block_expired_certificate (bool) – (PAN-OS 8.1) Block session if the certificate is expired.

• ocsp_exclude_nonce (bool) – (PAN-OS 9.0) Whether to exclude nonce extension for OCSP requests.

class panos.device.CertificateProfileCaCertificate(*args, **kwargs)

CA certificate for a certificate profile.

Parameters:

• name (str) – The name.

• default_ocsp_url (str) – Default URL for OCSP verification.

• ocsp_verify_certificate (str) – Certificate to verify signature in OCSP response.

• template_name (str) – (PAN-OS 9.0+) Template name / OID for the certificate.

class panos.device.EmailServer(*args, **kwargs)

An email server in a email server profile.

Parameters:

• name (str) – The name

• display_name (str) – Display name

• from (str) – From email address

• to (str) – To email address

• also_to (str) – Additional destination email address

• email_gateway (str) – IP address or FQDN of email gateway to use

• protocol (str) – (PAN-OS 10.0+) SMTP for clear-text or TLS for encrypted

• port (int) – (PAN-OS 10.0+) Port number

• tls_version (str) – (PAN-OS 10.0+) TLS handshake protocol version.

• auth (str) – (PAN-OS 10.0+) Authentication type.

• certificate_profile (str) – (PAN-OS 10.0+) Certificate profile for validating server certificate.

• username (str) – (PAN-OS 10.0+) Authentication username.

• password (str) – (PAN-OS 10.0+) Authentication password.

class panos.device.EmailServerProfile(*args, **kwargs)

An email server profile.

Parameters:

• name (str) – The name

• config (str) – Custom config log format

• system (str) – Custom system log format

• threat (str) – Custom threat log format

• traffic (str) – Custom traffic log format

• hip_match (str) – Custom HIP match log format

• url (str) – (PAN-OS 8.0+) Custom URL log format

• data (str) – (PAN-OS 8.0+) Custom data log format

• wildfire (str) – (PAN-OS 8.0+) Custom WildFire log format

• tunnel (str) – (PAN-OS 8.0+) Custom tunnel log format

• user_id (str) – (PAN-OS 8.0+) Custom user-ID log format

• gtp (str) – (PAN-OS 8.0+) Custom GTP log format

• auth (str) – (PAN-OS 8.0+) Custom authentication log format

• sctp (str) – (PAN-OS 8.1+) Custom SCTP log format

• iptag (str) – (PAN-OS 9.0+) Custom Iptag log format

• escaped_characters (str) – Characters to be escaped

• escape_character (str) – Escape character

class panos.device.HttpAuthHeader(*args, **kwargs)

HTTP header for auth.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpAuthParam(*args, **kwargs)

HTTP param for auth.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpConfigHeader(*args, **kwargs)

HTTP header for config.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpConfigParam(*args, **kwargs)

HTTP param for config.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpDataHeader(*args, **kwargs)

HTTP header for data.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpDataParam(*args, **kwargs)

HTTP param for data.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpDecryptionHeader(*args, **kwargs)

HTTP header for Decryption.

Note: This is valid for PAN-OS 10.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpDecryptionParam(*args, **kwargs)

HTTP param for Decryption.

Note: This is valid for PAN-OS 10.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpGlobalProtectHeader(*args, **kwargs)

HTTP header for GlobalProtect.

Note: This is valid for PAN-OS 9.1+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpGlobalProtectParam(*args, **kwargs)

HTTP param for GlobalProtect.

Note: This is valid for PAN-OS 9.1+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpGtpHeader(*args, **kwargs)

HTTP header for GTP.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpGtpParam(*args, **kwargs)

HTTP param for GTP.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpHipMatchHeader(*args, **kwargs)

HTTP header for HIP match.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpHipMatchParam(*args, **kwargs)

HTTP param for HIP match.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpIpTagHeader(*args, **kwargs)

HTTP header for IP tag.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpIpTagParam(*args, **kwargs)

HTTP param for IP tag.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpSctpHeader(*args, **kwargs)

HTTP header for SCTP.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpSctpParam(*args, **kwargs)

HTTP param for SCTP.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpServer(*args, **kwargs)

A single HTTP server in a HTTP server profile.

Parameters:

• name (str) – The name

• address (str) – IP address or FQDN of HTTP server to use

• protocol (str) – HTTPS (default) or HTTP

• port (int) – Port number (default: 443).

• tls_version (str) – (PAN-OS 9.0+) TLS handshake protocol version. Valid values are 1.0, 1.1, or 1.2.

• certificate_profile (str) – (PAN-OS 9.0+) Certificate profile for validating server certificate

• http_method (str) – HTTP method to use (default: POST).

• username (str) – Username for basic HTTP auth

• password (str) – Password for basic HTTP auth

class panos.device.HttpServerProfile(*args, **kwargs)

A HTTP server profile.

Note: This is valid for PAN-OS 8.0+.

Parameters:

• name (str) – The name

• tag_registration (bool) – The server should have User-ID agent running in order for tag registration to work

• config_name (str) – Name for custom config format

• config_uri_format (str) – URI format for custom config format

• config_payload (str) – Payload for custom config format

• system_name (str) – Name for custom system format

• system_uri_format (str) – URI format for custom system format

• system_payload (str) – Payload for custom system format

• threat_name (str) – Name for custom threat format

• threat_uri_format (str) – URI format for custom threat format

• threat_payload (str) – Payload for custom threat format

• traffic_name (str) – Name for custom traffic format

• traffic_uri_format (str) – URI format for custom traffic format

• traffic_payload (str) – Payload for custom traffic format

• hip_match_name (str) – Name for custom HIP match format

• hip_match_uri_format (str) – URI format for custom HIP match format

• hip_match_payload (str) – Payload for custom HIP match format

• url_name (str) – Name for custom url format

• url_uri_format (str) – URI format for custom url format

• url_payload (str) – Payload for custom url format

• data_name (str) – Name for custom data format

• data_uri_format (str) – URI format for custom data format

• data_payload (str) – Payload for custom data format

• wildfire_name (str) – Name for custom wildfire format

• wildfire_uri_format (str) – URI format for custom wildfire format

• wildfire_payload (str) – Payload for custom wildfire format

• tunnel_name (str) – Name for custom tunnel format

• tunnel_uri_format (str) – URI format for custom tunnel format

• tunnel_payload (str) – Payload for custom tunnel format

• user_id_name (str) – Name for custom User-ID format

• user_id_uri_format (str) – URI format for custom User-ID format

• user_id_payload (str) – Payload for custom User-ID format

• gtp_name (str) – Name for custom GTP format

• gtp_uri_format (str) – URI format for custom GTP format

• gtp_payload (str) – Payload for custom GTP format

• auth_name (str) – Name for custom auth format

• auth_uri_format (str) – URI format for custom auth format

• auth_payload (str) – Payload for custom auth format

• sctp_name (str) – (PAN-OS 8.1+) Name for custom SCTP format

• sctp_uri_format (str) – (PAN-OS 8.1+) URI format for custom SCTP format

• sctp_payload (str) – (PAN-OS 8.1+) Payload for custom SCTP format

• iptag_name (str) – (PAN-OS 9.0+) Name for custom IP tag format

• iptag_uri_format (str) – (PAN-OS 9.0+) URI format for custom IP tag format

• iptag_payload (str) – (PAN-OS 9.0+) Payload for custom IP tag format

• globalprotect_name (str) – (PAN-OS 9.1+) Name for custom GlobalProtect format

• globalprotect_uri_format (str) – (PAN-OS 9.1+) URI format for custom GlobalProtect format

• globalprotect_payload (str) – (PAN-OS 9.1+) Payload for custom GlobalProtect format

• decryption_name (str) – (PAN-OS 10.0+) Name for custom Decryption format

• decryption_uri_format (str) – (PAN-OS 10.0+) URI format for custom Decryption format

• decryption_payload (str) – (PAN-OS 10.0+) Payload for custom Decryption format

class panos.device.HttpSystemHeader(*args, **kwargs)

HTTP header for system.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpSystemParam(*args, **kwargs)

HTTP param for system.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpThreatHeader(*args, **kwargs)

HTTP header for threat.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpThreatParam(*args, **kwargs)

HTTP param for threat.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpTrafficHeader(*args, **kwargs)

HTTP header for traffic.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpTrafficParam(*args, **kwargs)

HTTP param for traffic.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpTunnelHeader(*args, **kwargs)

HTTP header for tunnel.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpTunnelParam(*args, **kwargs)

HTTP param for tunnel.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpUrlHeader(*args, **kwargs)

HTTP header for URL.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpUrlParam(*args, **kwargs)

HTTP param for URL.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpUserIdHeader(*args, **kwargs)

HTTP header for user-ID.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpUserIdParam(*args, **kwargs)

HTTP param for user-ID.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.HttpWildfireHeader(*args, **kwargs)

HTTP header for WildFire.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The header name

• value (str) – The header value

class panos.device.HttpWildfireParam(*args, **kwargs)

HTTP param for WildFire.

Note: This is valid for PAN-OS 8.0+

Parameters:

• name (str) – The param name

• value (str) – The param value

class panos.device.LdapServer(*args, **kwargs)

An ldap server in a ldap server profile

Parameters:

• name (str) – The name

• address (str) – IP address or FQDN of ldap server to use

• port (str) – port number

class panos.device.LdapServerProfile(*args, **kwargs)

An ldap server profile.

Note: Valid for PAN-OS 7.0+.

Parameters:

• name (str) – The name

• ldap_type (str) – Ldap profile type. Valid values are “other” (default), “active-directory”, “e-directory”, or “sun”.

• base (str) – Base DN

• bind_dn (str) – Bind DN

• bind_password (str) – Bind password

• bind_timelimit (int) – Bind timeout

• timelimit (int) – Search timeout

• retry_interval (int) – Retry interval

• ssl (bool) – Require ssl/ttls secured connection

• verify_server_certificate (bool) – Verify server certificate for ssl sessions

• disabled (bool) – Disabled or not

class panos.device.LocalUserDatabaseGroup(*args, **kwargs)

A Local User Database group.

Parameters:

• name (str) – Name.

• users (list) – The local users in this group.

class panos.device.LocalUserDatabaseUser(*args, **kwargs)

A Local User Database User.

Parameters:

• name (str) – Name.

• password_hash (str) – The password hash.

• disabled (bool) – Set to True if the user is disabled.

change_password(new_password)

Update the password.

Modifies the live device

Parameters:

new_password (str) – The new password for this user.

class panos.device.LogSettingsConfig(*args, **kwargs)

Firewall or Panorama device log settings configuration

Note: This is valid for PANS-OS 8.0+.

Parameters:

• name (string) – The name

• filter (string) – Valid values are “All logs” (default) or create your own filter

• description (string) – Description

• send_to_panorama (bool) – Send to panorama

• send_email (list) – Send email profile

• send_snmp (list) – Send snmp profile

• send_syslog (list) – Send syslog profile

• send_http (list) – Send http profile

class panos.device.LogSettingsSystem(*args, **kwargs)

Firewall or Panorama device log settings system

Note: This is valid for PANS-OS 8.0+.

Parameters:

• name (string) – The name

• filter (string) – Valid values are “All logs” (default) or create your own filter

• description (string) – Description

• send_to_panorama (bool) – Send to panorama

• send_email (list) – Send email profile

• send_snmp (list) – Send snmp profile

• send_syslog (list) – Send syslog profile

• send_http (list) – Send http profile

class panos.device.NTPServer(*args, **kwargs)

A primary or secondary NTP server

This is an abstract base class, do not instantiate it.

Parameters:

address (str) – The IP address of the NTP server

classmethod variables()

Defines the variables that exist in this object. Override in each subclass.

class panos.device.NTPServerPrimary(*args, **kwargs)

A primary NTP server

Add to a panos.device.SystemSettings object

Parameters:

address (str) – IP address or hostname of NTP server

class panos.device.NTPServerSecondary(*args, **kwargs)

A secondary NTP server

Add to a panos.device.SystemSettings object

Parameters:

address (str) – IP address or hostname of NTP server

class panos.device.PasswordProfile(*args, **kwargs)

Password profile object

Parameters:

• name (str) – Password profile name

• expiration (int) – Number of days until the password expires

• warning (int) – Number of days warning before password expires

• login_count (int) – Post expiration admin login count

• grace_period (int) – Post expiration grace period

class panos.device.SnmpServerProfile(*args, **kwargs)

SNMP server profile.

Parameters:

• name (str) – The name

• version (str) – SNMP version. Valid values are v2c (default) or v3.

class panos.device.SnmpV2cServer(*args, **kwargs)

SNMP V2C server in a server.

Parameters:

• name (str) – The name

• manager (str) – IP address or FQDN of SNMP manager to use

• community (str) – SNMP community

class panos.device.SnmpV3Server(*args, **kwargs)

SNMP V3 server.

Parameters:

• name (str) – The name

• manager (str) – IP address or FQDN of SNMP manager to use

• user (str) – User

• engine_id (str) – A hex number

• auth_password (str) – Authentication protocol password

• priv_password (str) – Privacy protocol password

class panos.device.SslDecrypt(*args, **kwargs)

SSL decrypt configuration for certificates.

Note: PAN-OS 8.0+

Parameters:

• forward_trust_certificate_rsa (str) – RSA CA certificate for trusted sites.

• forward_trust_certificate_ecdsa (str) – ECDSA CA certificate for trusted sites.

• forward_untrust_certificate_rsa (str) – RSA CA certificate for untrusted sites.

• forward_untrust_certificate_ecdsa (str) – ECDSA CA certificate for untrusted sites.

• root_ca_excludes (list) – List of predefined root CAs to not trust.

• trusted_root_cas (list) – List of trusted root CAs.

• disabled_predefined_exclude_certificates (list) – Disabled predefined SSL exclude certificates.

class panos.device.SslDecryptExcludeCert(*args, **kwargs)

SSL decryption exclusion object.

Note: PAN-OS 8.0+

Parameters:

• name (str) – The name.

• description (str) – Description.

• exclude (bool) – Exclude boolean.

class panos.device.SyslogServer(*args, **kwargs)

A single syslog server in a syslog server profile.

Parameters:

• name (str) – The name

• server (str) – IP address or FQDN of the syslog server

• transport (str) – Syslog transport. Valid values are UDP (default), TCP, or SSL.

• port (int) – Syslog port number.

• format (str) – Format of the syslog message. Valid values are BSD (default) or IETF.

• facility (str) – Syslog facility. Valid values are LOG_USER (default), or LOG_LOCAL0 through LOG_LOCAL7.

class panos.device.SyslogServerProfile(*args, **kwargs)

A syslog server profile.

Parameters:

• name (str) – The name

• config (str) – Custom config log format

• system (str) – Custom system log format

• threat (str) – Custom threat log format

• traffic (str) – Custom traffic log format

• hip_match (str) – Custom HIP match log format

• url (str) – (PAN-OS 8.0+) Custom URL log format

• data (str) – (PAN-OS 8.0+) Custom data log format

• wildfire (str) – (PAN-OS 8.0+) Custom WildFire log format

• tunnel (str) – (PAN-OS 8.0+) Custom tunnel log format

• user_id (str) – (PAN-OS 8.0+) Custom user-ID log format

• gtp (str) – (PAN-OS 8.0+) Custom GTP log format

• auth (str) – (PAN-OS 8.0+) Custom authentication log format

• sctp (str) – (PAN-OS 8.1+) Custom SCTP log format

• iptag (str) – (PAN-OS 9.0+) Custom Iptag log format

• escaped_characters (str) – Characters to be escaped

• escape_character (str) – Escape character

class panos.device.SystemSettings(*args, **kwargs)

Firewall or Panorama device system settings

Add only one of these to a parent object.

If you want to configure DHCP on the management interface, you should specify settings for dhcp_send_hostname and dhcp_send_client_id.

Parameters:

• hostname (str) – The hostname of the device

• domain (str) – The domain of the device

• ip_address (str) – Management interface IP address

• netmask (str) – Management interface netmask

• default_gateway (str) – Management interface default gateway

• ipv6_address (str) – Management interface IPv6 address

• ipv6_default_gateway (str) – Management interface IPv6 default gateway

• dns_primary (str) – Primary DNS server IP address

• dns_secondary (str) – Secondary DNS server IP address

• timezone (str) – Device timezone

• panorama (str) – IP address of primary Panorama

• panorama2 (str) – IP address of secondary Panorama

• login_banner (str) – Login banner text

• update_server (str) – IP or hostname of the update server

• verify_update_server (bool) – Verify the update server identity

• dhcp_send_hostname (bool) – (DHCP Mngt) Send Hostname

• dhcp_send_client_id (bool) – (DHCP Mngt) Send Client ID

• accept_dhcp_hostname (bool) – (DHCP Mngt) Accept DHCP hostname

• accept_dhcp_domain (bool) – (DHCP Mngt) Accept DHCP domain name

• proxy_server (str) – Secure proxy server to use

• proxy_port (int) – Port for secure proxy server

• proxy_username (str) – Secure proxy user name to use

• proxy_password (str) – Secure proxy password to use

class panos.device.Telemetry(*args, **kwargs)

Share telemetry data with Palo Alto Networks.

Join other Palo Alto Networks customers in a global sharing community, helping to raise the bar against the latest attack techniques. Your participation allows us to deliver new threat prevention controls across the attack lifecycle. Choose the type of data you share across applications, threat intelligence, and device health information to improve the fidelity of the protections we deliver. This is an opt-in feature controlled with granular policy, and we encourage you to join the community.

Add only one of these to a firewall.

Parameters:

• app_reports (bool) – Application reports

• threat_reports (bool) – Threat preventioin reports

• url_reports (bool) – URL reports

• file_type_reports (bool) – File type identification reports

• threat_data (bool) – Threat prevention data

• threat_pcaps (bool) – Enable sending packet captures with threat prevention information. This requires that “threat_data” also be enabled.

• product_usage_stats (bool) – Health and performance reports

• passive_dns_monitoring (bool) – Passive DNS monitoring

class panos.device.Vsys(*args, **kwargs)

Virtual System (VSYS)

You can interact with virtual systems in two different ways:

Method 1. Use a panos.firewall.Firewall object with the ‘vsys’ variable set to a vsys identifier (eg. ‘vsys2’). In this case, you don’t need to use this Vsys class. Add other PanObject instances (like panos.objects.AddressObject) to the Firewall instance

Method 2. Add an instance of this Vsys class to a panos.firewall.Firewall object. It is best practice to set the Firewall instance’s ‘shared’ variable to True when using this method. Add other PanObject instances (like panos.objects.AddressObject) to the Vsys instance.

Parameters:

• name (str) – Vsys identifier (eg. ‘vsys1’, ‘vsys5’, etc)

• display_name (str) – Friendly name of the vsys

• interface (list) – A list of strings with names of interfaces or a list of panos.network.Interface objects

• vlans (list) – A list of strings of VLANs

• virtual_wires (list) – A list of strings of virtual wires

• virtual_routers (list) – A list of strings of virtual routers

• visible_vsys (list) – A list of strings of the vsys visible

• dns_proxy (str) – DNS Proxy server

• decrypt_forwarding (bool) – Allow forwarding of decrypted content

property vsys

Return the vsys for this object

Traverses the tree to determine the vsys from a panos.firewall.Firewall or panos.device.Vsys instance somewhere before this node in the tree.

Returns:

The vsys id (eg. vsys2)

Return type:

str

class panos.device.VsysResources(*args, **kwargs)

Resource constraints for a Vsys

Parameters:

• max_security_rules (int) – Maximum security rules

• max_nat_rules (int) – Maximum nat rules

• max_ssl_decryption_rules (int) – Maximum ssl decryption rules

• max_qos_rules (int) – Maximum QOS rules

• max_application_override_rules (int) – Maximum application override rules

• max_pbf_rules (int) – Maximum policy based forwarding rules

• max_cp_rules (int) – Maximum captive portal rules

• max_dos_rules (int) – Maximum DOS rules

• max_site_to_site_vpn_tunnels (int) – Maximum site-to-site VPN tunnels

• max_concurrent_ssl_vpn_tunnels (int) – Maximum ssl VPN tunnels

• max_sessions (int) – Maximum sessions